<?php
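class indexModel extends RPHP_Model
{
    protected $_auth = null;

    /**
     * Authenticate an admin account and, on success, record an online-session
     * row and a sign-in log row inside one transaction.
     *
     * Result codes produced by this method:
     *   200 - signed in; $rs['data'] holds aid, token, times, ip and realname
     *   900 - a required parameter (account or password) is missing or empty
     *   405 - account is neither a valid e-mail address nor a mobile number
     *   408 - password length is outside 6..50 bytes
     *   407 - no matching row in admin_account
     *   402 - account row found but its `stat` is not 1
     *   502 - password does not match
     *   503 - the session or log insert failed; the transaction is rolled back
     *
     * NOTE(review): 407/402/502 distinguish "no such account", "inactive" and
     * "wrong password". If the caller forwards these codes to the client they
     * reveal which accounts exist; collapse them into one generic failure at
     * the response layer. No attempt throttling is visible in this method, so
     * confirm the caller rate-limits sign-in attempts.
     *
     * @param array        $para Expects 'signin_account' and 'signin_password'.
     * @param string|false $ip   Client IP; falls back to REMOTE_ADDR when not
     *                           supplied or not a valid IP literal.
     * @return array Always contains 'code'; 'token' is set once the password
     *               matched, 'data' only on code 200.
     */
    public function doSignin($para, $ip = false)
    {
        // Default code; it is what the caller sees when a parameter is missing.
        $rs = array('code' => 900);

        // $ip is concatenated into two INSERT statements below. A caller may
        // pass a header-derived value, so accept only a syntactically valid
        // IP literal and otherwise use the address reported by the server.
        if (!$ip || filter_var($ip, FILTER_VALIDATE_IP) === false) {
            $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
        }

        // Account: must be present. Previously an empty account skipped the
        // format check and reached the query with $where undefined.
        $account = (isset($para['signin_account']) && is_scalar($para['signin_account']))
            ? (string) $para['signin_account']
            : '';
        if ($account === '') {
            return $rs;
        }
        $account = trim($account);

        // The two patterns act as a whitelist: neither admits quotes,
        // backslashes or whitespace, which is the only thing keeping the
        // string-built WHERE clause safe.
        // NOTE(review): move this lookup to a parameterized query if the db
        // layer offers one (its API is not visible from this class).
        if (preg_match("/^([_a-zA-Z0-9]+([\._a-zA-Z0-9-]+)*)@([a-z0-9-]{1,}(\.[a-z0-9-]{2,})*\.[a-z]{2,3})$/", $account)) {
            $where = "`email`='" . $account . "'";
        } elseif (preg_match("/^(13|14|15|17|18)([0-9]{9})$/", $account)) {
            $where = "`mobile`='" . $account . "'";
        } else {
            $rs['code'] = 405;
            return $rs;
        }

        // Password: must be present and 6..50 bytes long. Previously an empty
        // password bypassed the length check entirely.
        $password = (isset($para['signin_password']) && is_scalar($para['signin_password']))
            ? (string) $para['signin_password']
            : '';
        if ($password === '') {
            return $rs;
        }
        $length = strlen($password);
        if ($length < 6 || $length > 50) {
            $rs['code'] = 408;
            return $rs;
        }

        // Look up the account row.
        $sql  = "SELECT * FROM {$this->_prefix['primary']}admin_account WHERE " . $where . " LIMIT 1";
        $user = $this->db->getrow($sql);
        if (!$user) {
            $rs['code'] = 407;
            return $rs;
        }
        if ($user['stat'] != 1) {
            $rs['code'] = 402;
            return $rs;
        }

        // NOTE(review): salted double MD5 is a fast hash and is cheap to
        // brute-force if the table leaks. Plan a migration to password_hash()
        // / password_verify(), re-hashing each account on its next successful
        // sign-in.
        $computed = md5(md5($password) . $user['pass_rand']);

        // hash_equals() compares in constant time and as strings. The former
        // loose `==` treated two digests of the form 0e<digits> as equal
        // numbers, so distinct hashes could compare as a match.
        if (!hash_equals((string) $user['password'], $computed)) {
            $rs['code'] = 502;
            return $rs;
        }

        $now = $_SERVER['REQUEST_TIME'];

        // NOTE(review): the token is a deterministic MD5 over the secret key,
        // account id, request time and IP. Left unchanged because other code
        // may recompute it; prefer a random token (random_bytes) if nothing
        // depends on this derivation.
        $rs['token'] = md5($this->c['secrkey'] . $user['aid'] . $now . $ip);

        // Both inserts succeed together or not at all.
        $this->db->begin();
        $committed = false;

        // Numeric columns are cast so only integers can reach the SQL text.
        $sql = "INSERT INTO {$this->_prefix['primary']}admin_online (`aid`,`token`,`time`,`ip`,`lastact_time`) VALUES ("
            . (int) $user['aid'] . ",'" . $rs['token'] . "'," . (int) $now . ",'" . $ip . "'," . (int) $now . ")";
        $onlineid = $this->sql($sql);

        if ($onlineid > 0) {
            $sql = "INSERT INTO {$this->_prefix['primary']}admin_signinlog (`aid`,`log_time`,`log_ip`) VALUES ("
                . (int) $user['aid'] . "," . (int) $now . ",'" . $ip . "')";
            $logid = $this->sql($sql);

            if ($logid > 0) {
                $this->db->commit();
                $committed = true;

                $rs['code'] = 200;
                $rs['data'] = array(
                    'aid'         => $user['aid'],
                    'token'       => $rs['token'],
                    'signin_time' => $now,
                    'signin_ip'   => $ip,
                    'last_action' => $now,
                    'realname'    => $user['realname'],
                );
            }
        }

        if (!$committed) {
            $this->db->rollback();
            // A failed log insert used to leave the default 900 in place;
            // report it with the same code as a failed session insert.
            $rs['code'] = 503;
        }

        return $rs;
    }
}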
